1 PREFACE

Even for the most seasoned commercial semiconductor companies, establishing a new
semiconductor design paradigm is a challenging undertaking. Applying a relatively new
Information Technology (IT) enterprise architecture, cloud computing, to a semiconductor
foundry signoff work flow adds a further degree of complexity to the effort. To build
positive mindshare for the Trusted Silicon Stratus (TSS) computing cloud (TSS Cloud),
it was important to: (1) educate the target community, (2) address misinformation, and
(3) establish an open dialogue on interests and requirements for the application of a
multi-tenancy cloud computing architecture to semiconductor design.

The  TSS  Workshop  served  as  a  perfect  vehicle  for  accomplishing  the  aforementioned  goals. 
It  is  a  credit  to  the  Air  Force  Research  Laboratory  (AFRL)  executive  management  who 
recognized  that  investing  in  the  TSS  Workshop  could  be  the  catalyst  for  building  a  groundswell 
of  support  and  positive  mindshare  across  the  Department  of  Defense  (DOD),  Department  of 
Energy  (DOE),  and  the  National  Security  Agency  (NSA)  to  endorse  the  need  to  develop  the 
Trusted Silicon Stratus Cloud. The AFRL’s expectation was that, by empowering
Nimbis Services to bring together a core group of DOD semiconductor design organizations
along with the National Security Agency’s Trusted Access Program Office (TAPO) program
management, an appropriate DOD funding agency would be compelled to champion a
formal funding initiative for the TSS Cloud. In this sense, with the endorsement of the TSS
Cloud architecture by TAPO program management during the TSS Workshop Summary Briefing
at the Trusted Foundry Workshop in Burlington, Vermont on September 22nd, 2010, the AFRL’s
TSS Workshop objective was achieved.

3 PROJECT SUMMARY

This  is  the  final  report  by  Nimbis  Services  for  AFRL  Contract  No.  FA8750-10-C0202.  A 
summary  of  work  progress  by  this  project  includes  the  following: 

•  TSS  Workshop  was  held  on  September  9th  and  10th  at  the  IBM  corporate  offices  in 
Bethesda,  MD. 

•  Identification  of  five  (5)  TSS  Demonstration  Cloud  (TSS-DC)  prototype  “Early 
Adopters”  (“DC5”):  AFRL,  SPAWAR,  Sandia  National  Labs,  Boeing,  IBM 
Microelectronics. 

• TSS Summary Briefing completed at the Trusted Foundry Workshop IBM plant location
in Burlington, Vermont.

•  TSS  architectural  endorsement  by  NSA  TAPO  program  management. 

•  Commitment  from  IBM  Microelectronics  to  allow  Nimbis  Services  to  port  the  IBM 
Design  Cloud  to  the  initial  deployment  of  the  TSS  Cloud. 

•  Cooperative  collaboration  for  TSS  cloud  security  architecture  from  IBM  Software  Group, 
Cisco  Systems,  and  Intel  Software  Group. 

As outlined in Figure 1, three (3) primary themes, namely, (1) security, (2) cloud computing
architecture, and (3) semiconductor design flow, were the focus of the TSS Workshop. The TSS
Workshop agenda was tailored to address these workshop themes with domain expertise support
for presenters of the agenda topics.


Trust/Security requirements defining broad acceptance use model

• EDA Software
• Semiconductor Intellectual Property
• IT Enterprise Architecture

Cloud-based semiconductor SoC work & reference flows

• Base TSS Portal Flows
• Customized Sub-Portal-Flows (SPFs)
• Reduce cost impact leveraging a standardized model for SoC design-to-release-manufacturing

Cloud-based IT Enterprise Architecture

• TSS Business Model Fundamentals
• Increased security & governance
• Semiconductor IP

Figure 1 - TSS Workshop Three (3) Primary Themes

4 INTRODUCTION

At  the  same  time  when  United  States  competitiveness  in  manufacturing  is  being  challenged  by 
low  cost  labor  markets  around  the  world,  the  application  of  high  performance  computing  to 
industrial  design  and  processes  holds  the  best  promise  for  restoring  technological  advantages  that 
the  United  States  has  enjoyed  for  much  of  the  20th  century.  No  manufacturing  problem  in 
industry  today  is  more  acutely  affected  by  external  market  forces  than  the  semiconductor 
industry.  The  Department  of  Defense’s  (DOD)  market  leverage  in  the  semiconductor  market  has 
shrunk  to  ~1%  of  the  total  semiconductor  market,  while  semiconductor  design  costs  have 
continued  to  push  small  to  medium  sized  semiconductor  design  companies  out  of  the 
semiconductor  design  business. 

While the Department of Defense is not a for-profit ongoing concern, the price of delivering
state-of-the-art communications, weapons and reconnaissance platforms factors heavily into
budget appropriations. At the present level of, and inflationary targets for, semiconductor
design costs, the financial realities and practicality of the DOD continuing to design
semiconductor components will come under intense scrutiny. As a result, semiconductor design
teams across the DOD are seeking ways to reduce design costs as well as project development
schedules. The upfront costs of software and IT infrastructure have become prohibitive to
manage across separate and disparate semiconductor design shops across the DOD.

The application of cloud computing provides immediate relief to government design
engineers who are struggling with reduced budgets and increasing demands to respond more
quickly to defense threats and crises. In 2008, “The 10 laws of Cloudonomics” (Weinman, 2008) provided a
succinct  set  of  ten  (10)  thematic  elements  that  provided  the  foundation  upon  which  an  analysis 
could  be  applied  to  any  increasingly  complicated,  high  cost  Information  Technology  problem. 
Figure  2  and  Figure  3  outline  these  ten  laws  of  “cloudonomics”.  The  Trusted  Silicon  Stratus 
(TSS)  represents  an  IT  application  of  these  ten  cloudonomics  laws  that  will  reduce  costs  and 
project  schedules  for  semiconductor  component  design.  The  TSS  Workshop  provided  a  basis 
upon  which  to  coalesce  stakeholders  and  parties  across  the  DOD  to  address  the  implementation 
of  the  TSS  Cloud. 

1. Utility services cost less even though they cost more.


•An  on-demand  service  provider  typically  charges  a  utility  premium — a  higher  cost-per-unit  time  for  a 
resource  than  if  it  were  owned,  financed,  or  leased.  However,  although  utilities  cost  more  when  they 
are  used,  they  cost  nothing  when  they  are  not.  Consequently,  customers  save  money  by  replacing 
fixed  infrastructure  with  clouds  when  workloads  are  spiky,  specifically  when  the  peak-to-average 
ratio  is  greater  than  the  utility  premium. 


2.  On-demand  trumps  forecasting. 


•The  ability  to  provision  capacity  rapidly  means  that  any  unexpected  demand  can  be  serviced,  and 
the  revenue  associated  with  it  captured.  The  ability  to  rapidly  de-provision  capacity  means  that 
companies  don't  need  to  pay  good  money  for  nonproductive  assets.  Forecasting  is  often  wrong, 
especially  for  black  swans,  so  the  ability  to  react  instantaneously  means  higher  revenues  and 
lower  costs. 


3.  The  peak  of  the  sum  is  never  greater  than  the  sum  of  the  peaks. 


•Enterprises  deploy  capacity  to  handle  their  peak  demands:  A  tax  firm  worries  about  Apr.  15,  a 
retailer  about  Black  Friday,  an  online  sports  broadcaster  about  Super  Sunday.  Under  this  strategy,  the 
total  capacity  deployed  is  the  sum  of  these  individual  peaks.  However,  since  clouds  can  reallocate 
resources  across  many  enterprises  with  different  peak  periods,  a  cloud  needs  to  deploy  less  capacity. 


4.  Aggregate  demand  is  smoother  than  individual. 


•Aggregating  demand  from  multiple  customers  tends  to  smooth  out  variation.  Specifically,  the 
"coefficient  of  variation"  of  a  sum  of  random  variables  is  always  less  than  or  equal  to  that  of  any  of 
the  individual  variables.  Therefore,  clouds  get  higher  utilization,  enabling  better  economics. 


5.  Average  unit  costs  are  reduced  by  distributing  fixed  costs  over  more  units  of  output. 


•While large enterprises benefit from economies of scale, larger cloud service providers can benefit
from even greater economies of scale, such as volume purchasing, network bandwidth,
operations, administration, and maintenance tooling.


Figure  2  -  The  10  Laws  of  Cloudonomics  - 1  to  5  (Weinman,  2008) 

6. Superiority in numbers is the most important factor in the result of a combat (Clausewitz).


•The  classic  military  strategist  Carl  von  Clausewitz  argued  that,  above  all,  numerical  superiority  was 
key  to  winning  battles.  In  the  cloud  theater,  battles  are  waged  between  botnets  and  DDoS  defenses. 
A  botnet  of  100,000  servers,  each  with  a  megabit  per  second  of  uplink  bandwidth,  can  launch  100 
gigabits  per  second  of  attack  bandwidth.  An  enterprise  IT  shop  would  be  overwhelmed  by  such  an 
attack,  whereas  a  large  cloud  service  provider — especially  one  that  is  also  an  integrated  network 
service  provider — has  the  scale  to  repel  it. 


7.  Space-time  is  a  continuum  (Einstein/Minkowski). 


•A  real-time  enterprise  derives  competitive  advantage  from  responding  to  changing  business 
conditions  and  opportunities  faster  than  the  competition.  Often,  decision-making  depends  on 
computing,  e.g.,  business  intelligence,  risk  analysis,  portfolio  optimization,  and  so  forth.  Assuming 
that  the  compute  job  is  amenable  to  parallel  processing,  such  computing  tasks  can  often  trade  off 
space  and  time,  for  example  a  batch  job  may  run  on  one  server  for  a  thousand  hours,  or  a 
thousand  servers  for  one  hour,  and  a  query  on  Google  is  fast  because  its  processing  is  divided 
among  numerous  CPUs.  Since  an  ideal  cloud  provides  effectively  unbounded  on-demand 
scalability,  for  the  same  cost,  a  business  can  accelerate  its  decision-making. 


8.  Dispersion  is  the  inverse  square  of  latency. 


•Reduced  latency — the  delay  between  making  a  request  and  getting  a  response — is  increasingly 
essential  to  delivering  a  range  of  services,  among  them  rich  Internet  applications,  online  gaming, 
remote  virtualized  desktops,  and  interactive  collaboration  such  as  video-conferencing.  However,  to 
cut  latency  in  half  requires  not  twice  as  many  nodes,  but  four  times.  For  example,  growing  from 
one  service  node  to  dozens  can  cut  global  latency  (e.g.,  New  York  to  Hong  Kong)  from  150 
milliseconds  to  below  20.  However,  shaving  the  next  15  milliseconds  requires  a  thousand  more 
nodes.  There  is  thus  a  natural  sweet  spot  for  dispersion  aimed  at  latency  reduction,  that  of  a  few 
dozen  nodes — more  than  an  enterprise  would  want  to  deploy,  especially  given  the  lower  utilization 
described  above. 


9.  Don’t  put  all  your  eggs  in  one  basket. 


•The reliability of a system with n redundant components, each with reliability r, is 1-(1-r)^n. So if
the  reliability  of  a  single  data  center  is  99%,  two  data  centers  provide  four  nines  (99.99%)  and  three 
data  centers  provide  six  nines  (99.9999%).  While  no  finite  quantity  of  data  centers  will  ever 
provide  100%  reliability,  we  can  come  very  close  to  an  extremely  high  reliability  architecture  with 
only  a  few  data  centers.  If  a  cloud  provider  wants  to  provide  high  availability  services  globally  for 
latency-sensitive  applications,  there  must  be  a  few  data  centers  in  each  region. 


10.  An  object  at  rest  tends  to  stay  at  rest  (Newton). 


•A data center is a very, very large object. While theoretically, any company can site data centers in
globally optimal locations that are located on a core network backbone with cheap access to
power, cooling, and acreage, few do. Instead, they remain in locations for reasons such as where
the company or an acquired unit was founded, or where they got a good deal on distressed but
conditioned space. A cloud service provider can locate greenfield sites optimally.


Figure  3  -  The  10  Laws  of  Cloudonomics  -  6  to  10  (Weinman,  2008) 

Nimbis Services is in the forefront of the application of cloud computing and utility
computing  business  models  to  a  variety  of  manufacturing  and  high  performance  computing 
problems  that  span  a  number  of  diverse  industry  sectors.  The  design  of  semiconductor 
components  provides  what  could  be  credibly  argued  as  an  idealized  application  of  a  technology 
disruption  (cloud  computing)  to  a  high  performance  computing  problem.  The  appeal  of  a  cloud 
computing  model  for  a  standardized  semiconductor  design  flow  for  the  Department  of  Defense 
builds  upon  the  previous  assertion  in  an  even  more  acute  fashion. 

Applying  cloud  computing  architectures  to  drive  down  IT  costs  across  the  DOD  and  the 
federal  government  has  received  extensive  funding  and  deployment  attention  over  the  last  two 
years.  Vivek  Kundra,  the  Federal  Chief  Information  Officer,  has  provided  status  reports  and 
progress  updates  on  the  effectiveness  and  benefits  behind  the  government’s  adoption  of  cloud 
computing.  Figure  4  provides  a  snapshot  of  information  and  facts  on  cloud  computing  initiatives 
within  the  Defense  Information  Systems  Agency  (DISA). 

The  results  from  the  TSS  Workshop  that  follow  in  this  final  report,  the  preceding  factors,  and 
the  advancement  in  Web  3.0  Service  Oriented  Architectures  (SOA)  clearly  show  that  the 
industry  has  reached  a  point  of  what  has  been  referred  to  as  a  “perfect  storm”  for  the 
development  of  the  TSS  computing  cloud. 

DISA began leveraging cloud computing in 2008

Rapid Access Computing Environment (RACE)

• Virtualization technologies divide the cost of provisioning and operating a single physical server among virtual servers.
• Cost for a user to obtain an environment on RACE is reasonable and can be set up with an approved Government credit card.
• Self-service portal to provision computing resources, guarantee environment will be secure to DoD standards.
• Strict data cleansing process for when an application needs to be removed completely from the RACE platform.
• Server environment used to take 3-6 weeks to provision... RACE is able to provision functional server space to users in 24 hours.
• 100s of military applications including command & control systems, convoy control systems, and satellite programs

Typical implementation of new DoD SW/systems

• Large time and money due to licensing, acquisition, and support demands.

Non-cloud based software development

• Does not typically allow for the utilization of economies of scale, ubiquitous delivery, or cross collaboration on projects.

Forge.mil (DISA)

• Provides DoD tools and services necessary for rapid development, testing, and deployment of new software and systems.
• Estimates new projects developed in its environment save DISA between $200,000 and $500,000 per project
• Estimates ~$15 million in cost avoidance utilizing open source philosophy SW reuse and collaborative development
• Hosts an array of projects for different areas of DoD including the Army, Navy, Air Force, Marine Corps and the Joint Chiefs
• Secure environment that appropriately protects DoD software assets; reduced costs
• Promotes collaboration, reuse of SW, rapid delivery, and shortened time-to-market for projects.

Figure 4 - Federal & DOD Cloud Computing Deployments

5 METHODS, ASSUMPTIONS, PROCEDURES

5.1  TSS  Workshop  Agenda 

A  critical  part  of  assembling  the  TSS  Workshop  was  to  find  the  right  balance  for  the  size  of 
the  workshop  attendance.  It  was  recognized  early  that  assembling  hundreds  of  attendees  would 
make  it  difficult  to  manage  the  logistics  and  also  inhibit  a  core  exchange  of  ideas  and 
requirements  for  the  DOD  TSS  user  community.  At  the  TSS  Workshop  kickoff  meeting  at  the 
AFRL  in  Rome,  NY  it  was  agreed  that  attendance  for  the  TSS  Workshop  would  be:  (1)  limited 
to  approximately  50  persons,  (2)  by  invitation  only,  and  (3)  require  US  citizenship.  A 
semiconductor  design  and  IT  use  case  online  survey  using  the  SurveyMonkey®  website  was 
created  and  disseminated  to  the  DOD  community  which  also  served  as  a  guiding  factor  in  the 
workshop  agenda.  The  SurveyMonkey  results  were  reported  to  the  Air  Force  and  are  available 
from  Nimbis  Systems  Inc. 

The  primary  challenge  the  Nimbis  team  needed  to  execute  upon  was  identifying,  contacting, 
scheduling,  briefing,  and  confirming  attendance  to  the  2-day  TSS  Workshop  from  across  the 
DOD  and  associated  federal  agencies  involved  in  semiconductor  design.  Web-based  TSS 
briefings,  conference  calls,  and  attendance  at  the  GOMAC  Tech  10  conference  provided  the 
basis  upon  which  a  core  group  of  TSS  Workshop  attendees  was  formed.  The  next  challenge  was 
filling  out  a  comprehensive,  diverse,  credible,  crisp,  fast  moving,  engaging,  and  interesting 
agenda  that  would  disseminate  and  receive  the  needed  requirements  for  a  TSS  computing  cloud. 
The final challenge involved managing the logistical aspects of registering, locating, and scheduling
the workshop at the IBM corporate offices in Bethesda, MD.

Nimbis  Services  set  up  an  online  TSS  Workshop  registration  website  to  allow  TSS  Workshop 
attendees  to  formally  register  for  the  workshop  and  also  provide  a  centralized  location  for 
presentation  materials  download  and  forum  comments.  Highlights  include  the  diversified 
attendance  of  twenty-six  organizations  from  across  the  Department  of  Defense,  Department  of 
Energy,  the  National  Security  Agency,  the  National  Reconnaissance  Office,  private  Aerospace 
and  Defense  (A&D)  and  non-A&D  commercial  companies.  The  agenda  presenters,  panelists, 
and  participants  were  selected  based  upon  domain  expertise  and  technical  relevance  to  the 
agenda topic. The 2-day agenda for the TSS Workshop is listed below in Tables 1 and 2, and
Table 3 lists the attendees.

5.1.1 Thursday, September 9th, 2010

Table 1 - Thursday Agenda

| Time | Session | Presenter(s) |
|---|---|---|
| 8:00am - 8:45am | CONTINENTAL BREAKFAST | |
| 9:00am - 9:15am | WELCOME & INTRODUCTORY COMMENTS: Workshop Chair | J. Marc Edwards, Nimbis Services |
| 9:15am - 9:45am | PERSPECTIVE: Air Force Research Laboratory (AFRL) | John Rooks, AFRL, Rome, NY |
| 9:45am - 10:15am | PERSPECTIVE: Sandia National Labs (SNL) | Rita Gonzales, SNL, Albuquerque, NM |
| 10:15am - 10:45am | PERSPECTIVE: IBM EDA Methodology Flow & Leveraging Cloud Computing for SoC Design | Dr. Leon Stok, VP, EDA Technologies, IBM ST&G |
| 10:45am - 11:00am | BREAK | |
| 11:00am - 11:30am | KEYNOTE: Air Force Cloud Computing Demonstration Project | John Pritchard, IBM Software Group |
| 11:30am - 12:00pm | KEYNOTE: Cloud Computing Security Architectures: Considerations in Cloud Security | Tan Thai, Senior Scientist, SNL Information Systems Analysis Center (ISAC) |
| 12:00pm - 1:00pm | LUNCH | |
| 1:00pm - 2:00pm | INTERACTIVE SESSION 1: Heterogeneous, XML-based SoC Reference Flow Methodology - “StratusFlow” | Paul Zuchowski (IBM EDA), Tim Brodnax (NMBS), Bob Schetlick (SNPS), Brad Tree (CDNS) |
| 2:00pm - 2:30pm | INTERACTIVE SESSION 2: Web 2.0 SoC Design Portal Dashboard | Jack Erikson (CDNS), J. Marc Edwards (NMBS), Tim Brodnax (NMBS) |
| 2:30pm - 3:30pm | INTERACTIVE SESSION 3: Trusted SoC Design Cloud IT Enterprise Architecture | J. Marc Edwards (NMBS), RJ Rao (IBM Research), Blake Dournaee (Intel), Dan Kent (Cisco) |
| 3:30pm - 3:45pm | BREAK | |
| 3:45pm - 4:45pm | INTERACTIVE SESSION 4: IaaS/SaaS “Cloud” Business Enterprise Architecture for Trusted SoC Design | Ruth Fisher (QuantAA), J. Marc Edwards (NMBS), Mark Williams (SNPS), Ray Ross (CDNS) |
| 5:00pm - 6:00pm | EVENING SOCIAL | |

5.1.2 Friday, September 10th, 2010

Table 2 - Friday Agenda

| Time | Session | Presenter(s) |
|---|---|---|
| 8:00am - 8:30am | CONTINENTAL BREAKFAST | |
| 8:30am - 9:30am | PANEL SESSION 1: Multi-tenancy SoC Design Classes Use Cases | Rita Gonzales (SNL), Mark Maurer (Silvaco), TBN (CDNS), David French (IBM Microelectronics) |
| 9:30am - 10:30am | PANEL SESSION 2: Semiconductor IP Provisioning | TBN (IBM Research), John Thibeault (TAPO), Kathy Gambino (CDNS), TBN (NMBS) |
| 10:30am - 11:00am | BREAK | |
| 11:00am - 12:00pm | TUTORIAL: Integrated Circuit & System Security Techniques For Trusted Design | Dr. Miodrag Potkonjak, UCLA, Department of Computer Science |
| 12:00pm - 1:00pm | LUNCH | |
| 1:00pm - 1:30pm | TRUSTED SILICON STRATUS (TSS) PROTOTYPE PLAN: Phase 1 TSS Prototype Implementation Proposal | Tim Brodnax, Nimbis Services |
| 1:30pm - 2:00pm | SUMMARY PRESENTATION: Report, Takeaways, Next Steps, Trusted Foundry Workshop Breakout Session | J. Marc Edwards, Nimbis Services |

5.2 TSS Workshop Attendees

Table 3 - TSS Workshop Attendees

| Attendee Name | Company/Organization | Number of Attendees | Group |
|---|---|---|---|
| David Rea | BAE Systems | 1 | A |
| Kathy Gambino | Cadence Design Systems | 1 | A |
| Jack Erikson | Cadence Design Systems | 1 | A |
| Ray Ross | Cadence Design Systems | 1 | A |
| Brad Tree | Cadence Design Systems | 1 | A |
| Brad Bryant | L3 Communications | 1 | A |
| Dan Both | NSA TAPO | 1 | C |
| Leon Stok | IBM EDA | 1 | A |
| Carl Anderson | IBM EDA | 1 | A |
| John Evans | Boeing | 1 | A |
| Lewis Cohn | National Reconnaissance Office (NRO) | 1 | A |
| John Rooks | Air Force Research Laboratory (AFRL) | 1 | A |
| Bob Gleichauf | In-Q-Tel | 1 | A |
| Dan Kent | Cisco Systems | 1 | A |
| Edwin Elmore | Cisco Systems | 1 | A |
| Chris Coleman | Cisco Systems | 1 | A |
| Sean Johnson | NSA TAPO | 1 | A |
| Mark Maurer | Silvaco | 1 | B |
| Bruce Jewett | Synopsys | 1 | B |
| Bob Schetlick | Synopsys | 1 | B |
| Mark Williams | Synopsys | 1 | B |
| Mike Wood | SPAWAR San Diego | 1 | B |
| Romeo Del Rosario | Army Research Laboratory (ARL) | 1 | B |
| Matthew Sale | NSWC Crane | 1 | B |
| Saverio Fazzari | DARPA MTO - Trust in Integrated Circuits | 1 | B |
| Mark Whiting | Rockwell Collins | 1 | B |
| Tom O'Hern | ICFI | 1 | B |
| Greg Hudson | Intel | 1 | B |
| Allen Shortnacy | Intel | 1 | B |
| Blake Dournaee | Intel | 1 | B |
| Brian Cohen | IDA | 1 | B |
| Rich Dondero | Sandia National Laboratories | 1 | B |
| LeAnn Miller | Sandia National Laboratories | 1 | B |
| Rita Gonzales | Sandia National Laboratories | 1 | C |
| Paul Zuchowski | IBM EDA | 1 | C |
| James Doty | NSWC Crane | 1 | C |
| Joe Cole | Magma Design Automation | 1 | C |
| Kevin McDonald | ICFI | 1 | C |
| Jim Will | Kansas City Plant (KCP) | 1 | C |
| Tan Thai | Sandia National Laboratories | 1 | C |
| Nish Limaye | Rockwell Collins | 1 | C |
| Joseph Neff | SPAWAR San Diego | 1 | C |
| James Smith | In-Q-Tel | 1 | C |
| John Pritchard | IBM CCD | 1 | C |
| Miodrag Potkonjak | UCLA | 1 | C |
| JR Rao | IBM CCD | 1 | C |
| Dimitrios Pendarakis | IBM CCD | 1 | C |
| Tom Renz | Air Force Research Laboratory (AFRL) | 1 | C |
| James Wilson | Army Research Laboratory (ARL) | 1 | C |
| David French | IBM Microelectronics | 1 | C |
| | QuantAA (Ruth Fisher) | 1 | |
| | Nimbis Services | 5 | |
| Total Attendees | | 56 | |

6 RESULTS, DISCUSSION


6.1  Workshop  Session  Summaries 

The  following  summary  figures  outline  TSS  issues,  requirements,  use  cases,  and  panel 
discussions  from  the  TSS  Workshop  agenda.  Each  figure  consolidates  the  key  points  from  the 
workshop  keynotes  and  interactive  sessions.  The  AFRL  perspective  session  presented  a  typical 
use  case  and  issues  that  semiconductor  component  designers  in  the  AFRL  would  like  to  have 
addressed  by  the  workshop  and  any  resulting  design  service.  Figure  5  lists  inputs  from  several 
AFRL research groups using EDA design. General areas of concern included simplified
administration of design tools and IP, trusted data and information management, and creation of a
trusted knowledge base for technology transfer of research results to other users. Other issues
found in an AFRL-wide survey were also reported, including long-term support for older technologies
and legacy systems, buy-in from big/critical users such as high dollar platform avionics and
nuclear control systems, and support for mixed technology design and fabrication.


Must support most popular EDA Tools

Semiconductor IP

• Single Non Disclosure Agreement
• US Government open source

New billing/business models required

Trust mechanisms

• SW tools & IP

Needs to be trusted and users must be convinced that it is trusted

• Certain of end point of connection
• No man-in-the-middle attack
• If one group is compromised, non-shared data is not compromised
• If TSS is compromised, user data is not compromised

Pedigrees available for some IP

• Strongly encourage sharing of government funded verification efforts on IP
• Anonymous means to share verification results
• Trusted 3rd party relay of summary of verification effort and results

Figure 5 - TSS Workshop (AFRL Takeaways)


The  second  perspective  session  was  presented  by  Sandia  National  Laboratories.  Researchers 
from  Sandia  described  semiconductor  design  processes  they  presently  use  and  changes  they 
would  like  to  see.  A  list  of  the  trusted  design  cloud  features  desired  by  researchers  from  Sandia 
is  given  in  Figure  6  and  Figure  7.  The  issue  of  affordability  and  a  business  model  that  makes  the 
financial case for a cloud service was discussed. A presentation of security concerns for
semiconductor system design at Sandia National Laboratories was given next. Trust and security
are  a  major  issue  for  Sandia.  Issues  identified  included  network  security,  internal  cloud  security, 
and  security  and  trust  of  applications  such  as  the  design  tools  and  outside  IP  used  for  design. 
Figure  6  lists  some  of  the  security  and  trust  features  Sandia  would  expect  to  see  in  a  cloud  design 
service. 


Trusted and secure computing environment

• It must be secure or it’s a no-go from Sandia perspective
• Must maintain confidentiality and design integrity
• Potential engagement from Sandia Information Operations & Assessment team to help build this assurance

Developed for long-term needs that can provide access to a range of technologies

• OK to focus initial efforts on single design flow and/or foundry, but must be adaptable to accommodate multiple design flows and technologies

Affordable business model

• Must at least match today’s value proposition but would hope that it could provide better access at the same or lower costs

Rich portfolio of portable, trusted intellectual property

• Definition of trust and levels
• Business model for IP

Figure 6 - TSS Workshop (Sandia Takeaways)

Cost effective access to State-of-the-Art EDA Tools

• Potentially better business model to accommodate complex requirements requiring access to both legacy and advanced digital, analog, and mixed-signal design capabilities
• Reduce overhead associated with installing/de-installing licenses based on cost/use model
• Pre-defined and validated flows to increase efficiency and reduce learning curves and also increase “trust” in EDA tools and flow

Cost effective access to State-of-the-Art Compute Hardware

• Maintain EDA tool consistency across multiple hardware/OS configurations
• Reduce cost of ownership and support for multiple legacy systems

Access to Rich Portfolio of “Trusted” IP

Pre/Post Si Validation Requirements
Pedigree of Content (who, how and when)

• Advanced process technologies drive rapidly increasing levels of SoC integration that in turn, drives need for more complex content (cpu cores, memory controllers, standard IO bus protocols, etc)
• Opportunity for Defense/Government sector to “align” on meaning of “Trust”
• Opportunity for Defense/Government sector to both provide and use “Trusted” IP

Easy access to trusted foundries

“MOSIS-like” model for trusted foundries
Process Design Kit (PDK)
Standard and I/O cell libraries
Foundry specific analog macros (i.e. IP blocks)
Memories and compilers

• One stop shop for trusted foundry engagement (for all trusted foundries)
• Readily available foundry specific intellectual property distribution

Figure 7 - TSS Workshop (Sandia Takeaways 2)

The IBM Design Cloud service was described in the third perspective session. This service is
used by over 3,000 corporate designers around the world utilizing a computing cloud of 20,000
processing cores to create semiconductor component designs for IBM. Compelling statistics
were given to show that a well-managed cloud based design service can significantly reduce cost
while actually reducing the time to complete a design. Figure 8 describes features of the IBM
Design Cloud and its business case.


Reduces the IT cost per designer...
IBM cut the IT cost/designer by 2X

• Extremely high server utilization (to minimize cost) while maintaining high performance for interactive users anywhere in the world.
• Efficient use of design licenses.
• Designers from around the world use the licenses on a pool of servers.
• Simple maintenance and scalability
• Servers and storage located together and software for ease of scaling.
• Easier revision control and no shadowing to remote locations.

Reduces the time to complete a design...
Standardized work flows

• Cut the P7 1st pass design time from 24 to 18 months.
• High resolution graphics over the internet for remote work anywhere.
• Improves designer productivity.
• Designers seamlessly submit multiple batch jobs with faster turn around time.
• 24x7 cloud support split between US and India.

High security, availability and reliability

• Sony, Microsoft and Nintendo game designs were being done in the Design Cloud.
• When a server goes down all batch jobs are restarted.
• Interactive jobs do not lose saved data.

IBM Design Cloud

• 20,000+ Cores, 150+ TB RAM, 1+ PB Disk in production across Systems and Technology Group, 3000+ Users
• 40K+ Jobs/day, 50M+ Sim cycles (processor clocks)

Figure  8  -  IBM  Microelectronics  Keynote 

A presentation was given by an IBM researcher on an Air Force project to create a
multi-tenancy cloud computing environment. Scheduling and workflow were described. Issues for
provisioning and monitoring and metering of the cloud were described. Network design was
identified as a critical issue for success.

The first interactive session centered on the creation of a reference flow environment. The
session panel consisted of representatives from major design tool providers: Cadence, Synopsys
and IBM EDA. The session focused more on identifying a tool provider based consensus list of
issues that need to be addressed by the reference flow than on proposing solutions. Figure 9 lists
issues identified.


Cloud enabling benefits: Can cloud offer greater security than a private model?

Centralize security management

Centralize network awareness: what’s going on?

Centralize network defense: What do I do if something happens?

Environmental controls

Aggregate disparate users using different versions

Versioning Liability


Change  provisioning  of 
workflow 
CAD 

management 


Need to support legacy IT

Need commonality

How to deal with obsolete technology?

Old technology never goes away

Complexity is increasing, while expertise is decreasing: retirements, fewer designs, less R&D

Maintenance and updating of EDA tools is very important and is a large draw on EDA resources


Figure  9  -  Interactive  Session  1  -  SoC  Design  Flow 

Interactive Session 2 addressed the requirements for a design portal interface. Cloud
architecture requirements for supporting the different types of expected users were identified.
Other architecture issues and requirements were discussed in Interactive Session 3 along with
some straw man architectures presented by panel members from commercial providers of cloud
systems. As with all sessions, achievement of security and trust was discussed. Figure 10 lists
the requirements and characteristics identified for the user interface in Session 2 and the cloud
architecture in Session 3.

IS2 Dashboarding

• ChipEstimate (Cadence)
• Lynx (Synopsys)
• Magma, Talus FlowManager

Important takeaways

• User Interfaces
  • Intuitive
  • Customized
  • Flexible tool & IP

IS3 Cloud Computing

• Cisco Systems
  • Unified Computing System
• IBM
  • Cloud Reference Model
• Intel
  • Security Gateway Appliance

Important takeaways

• Integrated cloud computing architecture
  1) Processor
  2) Storage
  3) Network
• Specific Research in cloud data security, new for this app (DRaaS)
  Specific DoD secure clouds
• Security specific middleware appliance
  1) Platform agnostic
  2) Widely deployable


Figure 10 - Interactive Session 2 & 3 - Dashboarding & Cloud Computing

The final interactive session dealt with the business case for a proposed
Infrastructure-as-a-Service (IaaS)/Software-as-a-Service (SaaS) cloud architecture. User desires for innovative
pricing and billing were discussed. The cost model for a notional cloud was discussed and
feature costs were proposed. Those were compared to costs for similar capabilities in the current
model. The comparison would make the business case for the cloud based system. Issues
identified included the savings from more efficient utilization of resources due to economies of
scale and reduction of down time, novel pricing schemes such as paying only for successful
incorporation of Semiconductor Intellectual Property (SIP), after the design is complete, and
savings from the DOD and other government agencies not paying for the same license multiple
times. Figure 11 provides a list of issues identified. Of interest was how to make the new
pricing schemes win-win for the users and the design tool vendors. Possibilities included the
idea of charging a low entry fee and then mortgaging any successful design for a higher fee than
is currently charged. This would reduce the cost of exploration which would increase the
customer base for the tool vendors. A successful design would be worth the higher back end cost
of the license. The need for an independent assessment of the business case for any future
proposed cloud service was identified as essential to help funders justify the cost.


Maintenance and updating of EDA tools is very important and is a large draw on EDA resources

Designers want per-engineer annual costs they can budget with

• Portal must offer cost predictability
• Consistent pricing

At peak usage don't have enough licenses

Other times have too many licenses

Have to pay large premium

• For short term license (3 months) versus long term license (1 year)
• Can portal offer flexible # licenses during peak periods?

Issues

• Costs may increase during transition period to portal
• Learning curve costs of using cloud architectures

EDA Supplier presentations

• Cadence/Synopsys each presenting proprietary “cloud-like”, selected point tool solutions
• IP Reuse: create system with chargeback/credit for reuse
• IT & EDA tool budgets come from different places
• IT savings would accrue to IT department, not designers

How companies recover costs is important:

Figure  11  -  Interactive  Session  4  -  TSS  Business  Model  Discussion 


The second day panel sessions covered two topics concerning services provided by the cloud.
The Multi-Tenancy Panel addressed the scope of the design environment and the Semiconductor
Intellectual Property (SIP) Provisioning Panel addressed SIP issues in the design process. There
was significant concern about the scope that the design service would need to cover multiple
users’ needs for tool flow. Potential users exist for every CMOS technology generation as well
as mixes with other technology classes such as analog mixed signal, Micro Electrical Mechanical
Systems, and 3D combinations. The business case requires the design cloud to reach sufficient
users. The high cost of licenses argues for fewer classes. A balance will be needed to provide a
service that addresses a critical mass of DOD users.

Two  themes  that  came  up  in  the  SIP  panel  discussions  were  sharing  of  SIP,  making  access 
open  and  convenient  for  authorized  users,  and  the  security  of  SIP,  making  authenticated  SIP 
secure  from  unauthorized  users.  Concerns  identified  in  the  panel  discussion  are  listed  in  Figure 
12.  Possible  solutions  discussed  included  the  use  of  authentication  technologies  such  as 
Physically  Unclonable  Functions  (PUF)  and  a  knowledge  base  with  previous  DOD  user  supplied 
metadata  attached  to  the  SIP,  made  possible  by  the  existence  of  the  cloud  for  administration. 
Digital  Rights  Management  (DRM)  could  also  be  performed  in  the  administration  function  of  the 
cloud. 


• Across SoC design projects
• Across DoD organizations
• Design errata blog
• Easy to view & test SIP BEFORE purchase

Strong desire for collaboration & sharing of SIP

DRM

• Temporal and Permanent, Enabling, Disabling, Metering

Malicious alterations

• Hardware, Software, and Data

Cryptography

• Storage, Communication, Protocols

Trust

• Hardware, Software, Location, Time

Privacy

• Information, Presence, Action

Primitives

• Gate-level characterization
• PUF and PPUF
• IC DRM
• Trusted Remote Operation
• Trusted Synthesis using Untrusted Tools and IP

Protocols

• Techniques for Preventing Reverse Engineering


Figure  12  -  Semiconductor  IP  Provisioning  Panel  &  Takeaways 

Following the panel sessions, a tutorial was given by Professor Potkonjak of UCLA on new
techniques to achieve trusted design. Included were new hardware techniques to prevent system
takeover and hardware to verify hardware authenticity such as Physically Unclonable Functions
and Public Physically Unclonable Functions (PPUF).

The workshop was concluded with a description of a prototype design service proposed by
Nimbis Services for implementation in the near future. Plans for completion of the prototype
service were discussed along with features and teaming.

7 CONCLUSIONS


Figure  13  provides  a  sampling  of  positive  comments  from  workshop  attendees. 


“...best run government workshop that I have been to. Everyone attending was engaged in what was being presented.”

“Very  informative.  This  was  information  that  needed  to  be  discussed  at  this  time.” 

“Well  worth  the  time  and  travel.  Not  disappointed.” 

“Surprised  at  the  number  of  people  that  stuck  around  for  the  2nd  day.” 


Figure  13  -  TSS  Workshop  Quotes  from  Attendees 

7.1  TSS  Workshop  Completed 

From  the  TSS  workshop  emerged  seven  (7)  very  strong  TSS  cloud  foundational  supporters 
and  early  adopters: 

1. Air Force Research Laboratory (AFRL)

2.  Sandia  National  Laboratories  (SNL) 

3.  Navy  SPAWAR 

4.  Boeing  Corporation 

5.  IBM  (1)  Software  Group  &  (2)  Microelectronics 

6.  Cisco  Systems 

All  of  the  TSS  Workshop  presentation  materials  have  been  uploaded  to  the  Nimbis  Services 
TSS  Workshop  website.  Access  to  the  materials,  for  Government  only,  has  been  made  available 
through  Nimbis  Systems  Inc. 

The  workshop  proved  to  be  an  opportunity  to  consolidate  key  opinions  and  defined  the  need 
for  the  TSS  cloud  for  semiconductor  design  across  the  Aerospace  &  Defense  industry.  It  was 
extremely  important  for  the  NSA  TAPO  executive  personnel  and  program  management  to  be  in 
attendance  at  the  workshop.  This  provided  a  clear  picture  of  the  need  to  further  explore  the 
opportunity  for  enhanced  productivity,  reduced  schedules,  and  paradigm  shift  in  semiconductor 
design  that  the  TSS  cloud  could  provide. 

7.2  TSS  Workshop  Results 

The TSS Workshop provided a venue that allowed the present state of the DOD
semiconductor design business to be documented and reviewed. The demand for a consolidated
solution for semiconductor design across the DOD is high. The time is also right for the DOD to
take the same steps that commercial semiconductor design companies have taken in
consolidating and standardizing semiconductor design flows. The TSS Workshop has reinforced
the DOD’s organizational nature in that the DOD is a much larger entity than any single private
semiconductor company. The DOD has a need for distinct compartmentalization and yet must
also leverage the cost advantages of economies of scale and productivity efficiencies that come
with standardized processes and collaboration. The TSS Cloud provides an enterprise
architecture that can meet the diverse, yet collaborative constraints of DOD semiconductor
design.

The TSS Workshop identified a core group of TSS Cloud “early adopters” from which the
initial enterprise architecture can be tested and evolve based upon the use case models
represented by these core early adopters. In Sandia National Laboratories’ case, the SNL
semiconductor design team appropriately tapped Sandia’s Information Systems Analysis Center
(ISAC) to determine if a secure cloud technology for semiconductor design could be developed.
The positive affirmation from Sandia ISAC provided the basis upon which Sandia National Labs
Microsystems organization could move forward in cooperating with the DOD in championing
the TSS Cloud as a solution to meet their future needs.

The TSS Workshop attendees represented all four (4) TSS identity profiles, namely, (1)
Designer, (2) Foundry, (3) EDA Supplier, and (4) IP Provider. One of the key issues coming
into the TSS Workshop was whether the TSS Cloud could effectively create a collaborative
ecosystem under which all four TSS identity profiles could effectively carry on profitable
business operations. As evidenced from workshop contributions and participation from Cadence
Design Systems, Synopsys, and Magma Design Automation, the workshop established a
cooperative attitude under which the TSS Cloud could be developed and Nimbis Services would
be able to provide a utility cloud offering the broadest spectrum of EDA tools, foundry services,
and SIP. Figure 14 outlines an additional set of summary statements of consensus and issues that
the TSS Workshop was able to identify and articulate for further discussion and research.

General Consensus

• TSS portal concept is addressing a problem in the A&D SoC design community that has been pervasive for MANY years.
• The present state of SoC design is driving the urgency of a solution now.
• Present state of IT technology, semiconductor stakeholder business models and concerns have created a “perfect storm” for progress.
• Importance of collaborative design environment
• DoD design competitiveness & viability necessitate addressing SoC design costs and manufacturing FROM the design-to-release-manufacturing phase
• Need more details on...
• Proposed TSS architecture, early adopters

Issues

Security

• Non-uniform level of understanding of multi-tenancy/cloud IT security architectures
• EDA companies workshop presence and feedback emphasizes win-win scenarios...
• One EDA vendor...
• “this A&D sector represents a niche segment that can effectively explore delivering a cloud-based model.”
• Willingness to proceed in business discussions.


Figure 14 - TSS Workshop Summary Points

7.2.1 TSS Endorsement

A  TSS  Workshop  Summary  Briefing  was  presented  at  the  Trusted  Foundry  Workshop  in 
Burlington,  Vermont  on  Wednesday,  September  21st,  2010.  Sandia  Labs  had  reserved  a  separate 
breakout  session  in  a  conference  room  at  the  IBM  site  in  Burlington,  Vermont.  Approximately 
twenty (20) persons attended the summary breakout representing Synopsys, IBM
Microelectronics,  NSA  TAPO,  the  Air  Force  Research  Laboratory,  Boeing  Corporation, 
SPAWAR,  Sandia  National  Laboratories,  and  the  Semiconductor  Research  Corporation  (SRC). 
NSA  TAPO  program  management  executives  attended  both  the  TSS  Workshop  as  well  as  the 
TSS  Workshop  Summary  Briefing  at  the  Trusted  Foundry  Workshop  at  IBM  in  Burlington, 
Vermont. 

An original AFRL/Nimbis goal for the TSS workshop was to explore and build the case for a
TSS Cloud in cooperation with DOD Research & Engineering (DDR&E) and NSA TAPO,
which manages the DOD’s program access for leading edge semiconductor technology process
nodes, primarily through the IBM Microelectronics trusted foundry. During the TSS Workshop
Summary Briefing, the presentation of the TSS Workshop results and the input from the briefing
attendees was compelling enough for NSA TAPO program management to acknowledge the TSS
benefit and the need for further consideration and study. NSA TAPO program management also
called for an additional TSS Cloud development study from the Institute for Defense Analyses
(IDA) to work with Nimbis Services and the AFRL in defining the strategy and direction of the
TSS Cloud.


7.2.2  Sandia  National  Laboratories  (SNL) 

SNL  management  and  technical  lead  personnel  contributed  greatly  to  the  convincing 
arguments  for  the  development  and  need  for  the  TSS  cloud  implementation.  SNL  had  two  senior 
directors,  Tom  Zipperian  and  Gil  Herrera,  who  attended  the  TSS  Workshop  Summary  Briefing. 
Both  SNL  directors  offered  frank  and  germane  comments  relative  to  the  importance  of  the  TSS 
strategy. 

Additional research and investigation relative to the TSS production cloud implementation is
being conducted by TAPO, the SRC, and Nimbis Services. As a final note, NSA TAPO
program management has requested that Nimbis Services prepare a TSS IT cloud security briefing
to the NSA that includes a comprehensive TSS cloud security architecture strategy.

7.2.3  IBM  Microelectronics  TSS  Cloud  Commitment 

Discussions between Nimbis Services and IBM Microelectronics VP of EDA and Senior
Technical Staff Member (STSM) personnel secured IBM’s commitment to allow Nimbis
Services access to IBM’s internal Design Cloud semiconductor design reference flow. Nimbis
Services will work with IBM Microelectronics to provision the IBM Design Cloud architecture
as a serviceable, utility cloud computing service model for the TSS Cloud V1.0 as an EDA tool
flow offering to both A&D and non-government SoC design teams. Augmenting the IBM
Design Cloud as a base for the TSS Cloud architecture will provide a rapid production grade
semiconductor design service for the DOD. As a first product offering through Nimbis Services,
the TSS Cloud V1.0 will serve as the basis for enhanced SoC/Stratus Flow reference flows for
subsequent generations of TSS Cloud releases.

7.3  Tasks  2  &  3  &  TSS  Production  Prototype  Next  Steps 

Nimbis Services and the AFRL are now in communication and contract review of the original
Statement of Work (SOW) and deliverables for Tasks 2 & 3 in a follow on project. Various
other sponsoring avenues for the TSS Prototype shown in Figure 15 are under review.

AFRL TSS Study Project

Task 1: TSS Workshop

Task 2: TSS IT Enterprise Architecture

Task 3: Phase 1 Implementation Plan

Demonstration Cloud: 6-9 Months

Implementation Prototype: 15-24 months

StratusFlow Implementation, Selected combined flow, cloud demo, i.e. AFRL/SNL

Datacenter OEM evaluation

Figure 15 - TSS Prototype Proposal

8 ACRONYMS

A&D       Aerospace & Defense
AFRL      Air Force Research Laboratory
CAD       Computer Aided Design
CDNS      Cadence Tools
CMOS      Complementary Metal Oxide Semiconductor
DDR&E     Department of Defense Research & Engineering
DISA      Defense Information Systems Agency
DOD       Department of Defense
DOE       Department of Energy
DRM       Digital Rights Management
EDA       Electronic Design Automation
IDA       Institute for Defense Analyses
IaaS      Infrastructure-as-a-Service
IP        Intellectual Property
ISAC      Information Systems Analysis Center
IT        Information Technology
MEMS      Micro-Electro-Mechanical Systems
NDA       Non Disclosure Agreement
NMBS      Nimbis Services
NSA       National Security Agency
PPUF      Public Physically Unclonable Function
PUF       Physically Unclonable Function
SaaS      Software-as-a-Service
SIP       Semiconductor Intellectual Property
SNL       Sandia National Laboratories
SNPS      Synopsys Corporation
SOA       Service Oriented Architectures
SoC       System on a Chip
SPAWAR    Space and Naval Warfare Systems Command
SRC       Semiconductor Research Corporation
SW        Software
TAPO      Trusted Access Program Office
TSS       Trusted Silicon Stratus
TSS-DC    Trusted Silicon Stratus Demonstration Cloud
UCS       Unified Computing System
UCLA      University of California at Los Angeles
USG       United States Government